CERT VU:338824
Jan 17, 2020 - 12:00 a.m.

Microsoft Internet Explorer Scripting Engine memory corruption vulnerability

2020-01-17 00:00:00
www.kb.cert.org

CVSS2: 7.6
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.972
Percentile: 99.9%

Overview

The Microsoft Internet Explorer Scripting Engine contains a memory corruption vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code.

Description

Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript. The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application that supports embedding Internet Explorer or its scripting engine component may be used as an attack vector for this vulnerability.

This vulnerability was detected in exploits in the wild.


Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page or an email attachment), PDF file, Microsoft Office document, or any other document that supports embedded Internet Explorer scripting engine content, an attacker may be able to execute arbitrary code.


Solution

Apply an update

This issue is addressed in the Microsoft update for CVE-2020-0674. Please also consider the following workaround:


Restrict access to jscript.dll

jscript.dll is a library that provides compatibility with a deprecated version of JScript that was released in 2009. Blocking access to this library can prevent exploitation of this and similar vulnerabilities that may be present in this old technology. When Internet Explorer is used to browse the modern web, jscript9.dll is used by default. Note, however, that any given website has the ability to opt in to using the legacy jscript.dll instead of the default.

From Security Advisory ADV200001:

For 32-bit systems, enter the following command at an administrative command prompt:

takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

For 64-bit systems, enter the following command at an administrative command prompt:

takeown /f %windir%\syswow64\jscript.dll
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

To revert the above changes:

For 32-bit systems, enter the following command at an administrative command prompt:

cacls %windir%\system32\jscript.dll /E /R everyone

For 64-bit systems, enter the following command at an administrative command prompt:

cacls %windir%\system32\jscript.dll /E /R everyone
cacls %windir%\syswow64\jscript.dll /E /R everyone

By default, IE11, IE10, and IE9 use Jscript9.dll, which is not impacted by this vulnerability. This vulnerability only affects certain websites that utilize jscript as the scripting engine.
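
One way to confirm that the workaround above is in place on a host, as an added PowerShell example (not from this note or from Microsoft's advisory). It assumes the `everyone:N` setting appears as a Deny rule for the Everyone SID (S-1-1-0) in the file's DACL; the function names are hypothetical.

```powershell
# Added example: audit whether the jscript.dll ACL workaround is applied.
# Assumption: cacls "everyone:N" shows up as a Deny rule for Everyone (S-1-1-0).

function Get-JScriptDllPaths {
    $win = $env:windir
    if (-not [Environment]::Is64BitOperatingSystem) {
        return @(Join-Path $win 'system32\jscript.dll')
    }
    # A 32-bit process on 64-bit Windows sees system32 redirected to syswow64;
    # the Sysnative alias reaches the real 64-bit directory.
    $native = if ([Environment]::Is64BitProcess) { 'system32' } else { 'sysnative' }
    return @(
        (Join-Path $win "$native\jscript.dll"),
        (Join-Path $win 'syswow64\jscript.dll')
    )
}

function Test-EveryoneDenied {
    param([Parameter(Mandatory)][string]$Path)

    $needed = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    if (-not (Test-Path -LiteralPath $Path)) { return 'Missing' }
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # Any failure to read the ACL (typically access denied) is reported as-is.
        return 'Unreadable'
    }
    # Resolve identities to SIDs so the check does not depend on localized names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq 'S-1-1-0' -and
            $rule.AccessControlType -eq 'Deny' -and
            ($rule.FileSystemRights -band $needed) -eq $needed) {
            return 'Restricted'
        }
    }
    return 'NotRestricted'
}

# One row per copy of the DLL: both must read 'Restricted' on 64-bit systems.
Get-JScriptDllPaths | ForEach-Object {
    [pscustomobject]@{ Path = $_; Status = Test-EveryoneDenied -Path $_ }
}
```

A status of `NotRestricted` after the update has been installed is expected once the workaround has been reverted; `Unreadable` means the account running the check cannot read the file's ACL.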

Vendor Information


Microsoft Affected

Updated: February 19, 2020

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

CVSS Metrics

Group Score Vector
Base 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal 7.1 E:H/RL:W/RC:C
Environmental 7.1 CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

Acknowledgements

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2020-0674
Date Public: 2020-01-17 Date First Published:
